<?php
/*
	Copyright 2006, 2007, 2008, 2009, 2010 Bastiaan Grutters
    
    This file is part of Ages of Strife website.

    Ages of Strife website is free software: you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.

    Ages of Strife website is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with Ages of Strife website.  If not, see <http://www.gnu.org/licenses/>.
 */
session_start();
	if( isset( $_POST[ 'recover_address' ] ) && $_POST[ 'recover_address' ] != "" ) {
		include( 'utils.php' );
		include_once( 'old_database_connection.php' );
		$email = formatEmail( $_POST[ 'recover_address' ] );
		$query = "SELECT user_id FROM users WHERE email = '" . $email . "'";
		$result = mysql_query( $query ) or die( "Query failed : " . mysql_error() );
		$row = mysql_fetch_array($result, MYSQL_ASSOC);
		
		if( isset( $row[ 'user_id' ] ) ) {
			$_SESSION[ 'password_recover_status' ] = "There is no account with that e-mail address.";
			$change_key = getRandomChars( 40 );

			$query = "UPDATE users SET password_key = '$change_key' WHERE user_id = " . $row[ 'user_id' ];
			$result = mysql_query( $query ) or die( "Query failed : " . mysql_error() );

			$query = "SELECT gameurl FROM game";
			$result = mysql_query( $query ) or die( "Query failed : " . mysql_error() );
			$row = mysql_fetch_array($result, MYSQL_ASSOC);
			
			$message = "This is a password reset e-mail for Ages of Strife.\r\n" .
						"To reset your password click on the link below, this will reset your password and send you your new password.\r\n" .
						"If you do not click on the link nothing will happen and you can access the game with your old password.\r\n" .
						$row[ 'gameurl' ] . "/global/password_lost.php?key=" . $change_key . "\r\n\r\n";
						
			$message .= "This is an automatically generated e-mail from the browser based game Ages of Strife.";
			
			if( mail( $email, "Ages of Strife: password reset function", $message, "From: no-reply@agesofstrife.bastiaangrutters.nl" ) ) {
				$_SESSION[ 'password_recover_status' ] = "An e-mail with password reset link has been sent to your accounts e-mail address.";
			}
			else {
				$_SESSION[ 'password_recover_status' ] = "There was a problem sending the password recovery e-mail, you can try again or contact a game administrator.";
			}
		}
		else {
			$_SESSION[ 'password_recover_status' ] = "There is no account with that e-mail address.";
		}
	}
	else if ( isset( $_GET[ 'key' ] ) && $_GET[ 'key' ] != "" ) {
		include( 'utils.php' );
		include_once( 'old_database_connection.php' );
		$key = formatInput( $_GET[ 'key' ] );
		$query = "SELECT user_id, username, email FROM users WHERE password_key = '" . $key . "'";
		$result = mysql_query( $query ) or die( "Query failed : " . mysql_error() );
		$row = mysql_fetch_array($result, MYSQL_ASSOC);
		if( isset( $row[ 'user_id' ] ) ) {
			$password = getRandomChars( 6 );
			$password_crypt = crypt( $password );
			$username_tmp = $row[ 'username' ];
			$email_tmp = $row[ 'email' ];
			$query = "UPDATE users SET password = '$password_crypt', password_key = NULL WHERE user_id = " . $row[ 'user_id' ];
			$result = mysql_query( $query ) or die( "Query failed : " . mysql_error() );
			
			$query = "SELECT gameurl FROM game";
			$result = mysql_query( $query ) or die( "Query failed : " . mysql_error() );
			$row = mysql_fetch_array($result, MYSQL_ASSOC);
			
			$message = "Your password has been reset.\r\n" .
						"Your username and password are shown below.\r\n" .
						"Username: " . $username_tmp . "\r\nPassword: " . $password .
						"\r\n\r\nYou can log back into the game again by going here: " . 
						$row[ 'gameurl' ] . "/index.php\r\n\r\n";
						
			$message .= "This is an automatically generated e-mail from the browser based game Ages of Strife.";
			
			if( mail( $email_tmp, "Ages of Strife: new password", $message, "From: no-reply@agesofstrife.bastiaangrutters.nl" ) ) {
				$_SESSION[ 'password_recover_status' ] = "An e-mail has been sent containing your username and password.";
			}
			else {
				$_SESSION[ 'password_recover_status' ] = "There was a problem sending your new password and username, you can try again or contact a game administrator.";
			}
		}
		else {
			$_SESSION[ 'password_recover_status' ] = "The key you have supplied for password recovery is incorrect.";
		}
	}
	header( "Location: ../support.php" );
?>
